Adobe is changing the world through digital experiences. Our creative, marketing and document solutions empower everyone — from emerging artists to global brands — to bring digital creations to life and deliver them to the right person
at the right moment for the best results.

Flash Player update available to address security vulnerabilities

Summary

Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform. No action is required by customers who have already updated to Flash Player 10.0.12.36. The Flash Player 9.0.151.0 update addresses the issues previously reported in Security Bulletin APSB08-18 and the issues reported in Security Bulletin APSB08-22 in addition to the issues outlined in this Security Bulletin.

Revisions

November 17, 2008 – Bulletin updated with information on the AIR 1.5 update and Security Bulletin APSB08-22
November 5, 2008 – Bulletin first created

Affected software versions

Adobe Flash Player 9.0.124.0 and earlier.

To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Solution

Adobe recommends all users of Adobe Flash Player 9.0.124.0 and earlier versions upgrade to the newest version 10.0.12.36 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.151.0, which can be downloaded from the following link.

Severity rating

Adobe categorizes this as a critical update due to the issues previously outlined in Security Bulletin APSB08-18 and recommends affected users upgrade to version 10.0.12.36.